How To Enable AutoSSL in cPanel

This article describes how to enable AutoSSL in cPanel. It explains the steps to manually run AutoSSL, verify that SSL certificates are issued for the desired domains or subdomains, and provides troubleshooting guidance for common validation issues, such as existing certificates, DNS records, and .htaccess configuration. 

Enable AutoSSL in cPanel

The Let's Encrypt software, which generates free SSL certificates, is typically enabled by default. However, if it is not, you can enable it manually from cPanel: 

1. Log in to cPanel.
2. In the SECURITY section, select SSL/TLS Status. 
3. Select the checkboxes next to the domains or subdomains you wish to secure with an SSL certificate, then click Run AutoSSL. Please note that the validation and installation of the free SSL certificate may take up to one hour.

Ensuring successful validation

Let's Encrypt certificates can only be validated using file‑based or DNS‑based authentication. Follow these steps to ensure successful validation: 

1. Remove existing certificates – Let's Encrypt certificates will not install over other certificates, even if they are self‑signed or expired. In cPanel, go to the SSL/TLS section and click Manage SSL Sites. Uninstall any old or invalid certificates, then return to SSL/TLS Status and click Run AutoSSL again. 
    
2. Enable AutoSSL for the domain – If the domain or subdomain shows Include during AutoSSL under Certificate Status, click the button to enable it. Once enabled, the option will change to Exclude from AutoSSL. 
    
3. Verify DNS points to our server – Make sure the website is loading from our server. Use a DNS checker (e.g., whatsmydns.net) to confirm that the A record’s IP address matches your server IP. You can find your server IP in the Server Information section of your cPanel. If the IPs do not match, your site is not loading from our server; you will need to contact your website host to install an SSL certificate. 
    
4. Check for conflicting AAAA records – If your A records point to us but your nameservers are external, use a DNS checker to see if any AAAA records exist. Some DNS managers add AAAA records that lead nowhere, interfering with AutoSSL validation. Remove any unnecessary AAAA records and test again. 
    
5. Add validation rules to .htaccess – Sometimes code on your site blocks the validation process. To resolve this, add the following lines to the top of your .htaccess file: 
   RewriteCond %{REQUEST_URI} !^/[0-9]+\..+\.cpaneldcv$ 
   RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/.+$ 
   RewriteCond %{REQUEST_URI} !^/\.well-known/acme-challenge/[0-9a-zA-Z_-]+$ 
   RewriteCond %{REQUEST_URI} !^/\.well-known/pki-validation/[A-F0-9]{32}\.txt(?:\ Comodo\ DCV)?$ 
    
6. Handle AutoSSL errors – If you receive notifications with the message “An error occurred the last time AutoSSL ran,” you can exclude the affected domains by following the guide provided. 
    
7. If Run AutoSSL is missing – If the Run AutoSSL button does not appear in your cPanel account, this feature has not been enabled in your Feature List. Contact your reseller or system administrator to resolve this.